issue with krb5_prompter_posix() design

Will Fiveash will.fiveash at
Thu Apr 15 16:56:30 EDT 2010

On Thu, Apr 15, 2010 at 04:27:47PM -0400, Greg Hudson wrote:
> On Thu, 2010-04-15 at 16:23 -0400, Will Fiveash wrote:
> > Seems to me the PAM approach is better since it's acquiring the reply.
> > Anyway this is adding complication to the prompter bridge function I
> > wrote in pam_krb5 to allow preauth plug-ins like pkinit to prompt via a
> > PAM conversation function.
> I agree that the PAM approach is better, but since this is a public
> interface, I don't see any way of getting from here to there without
> more pain than the benefit justifies.
> (Barring some kind of generalized krb5 API revamp, anyway--not a venture
> I'm prepared to charge ahead on while there are so many internals to
> clean up.)

Yeah, I noticed krb5_prompter_posix() was a public interface and had a
feeling I'd get the above reponse.  Not a big problem now that I'm aware
of this issue but I thought I'd mention it anyway as it may be a source
of memory leaks for others.

Will Fiveash
Note my new work e-mail address: will.fiveash at
Sent using mutt, a sweet text based e-mail app:

More information about the krbdev mailing list